By Cameron Cantrell 

On March 3, 2026, CalPrivacy announced an enforcement decision against 2080 Media Inc., doing business as PlayOn Sports, a sports ticketing platform widely used by schools. The stipulated order settles CalPrivacy’s three claims against PlayOn, each alleging PlayOn’s tracking technology practices violated CCPA’s opt-out requirements.  

PlayOn’s Alleged Violations: Opt-Out Methods, OOPS Recognition, and Notice of Opt-Out Rights 

CalPrivacy first alleged that PlayOn sold personal information and disclosed personal information for cross-context behavioral advertising (known as “sharing” under CCPA) via targeted advertising cookies deployed on its digital properties, while “fail[ing] to offer an effective [opt-out method]” for such practices as required by CCPA. According to CalPrivacy, PlayOn only allowed consumers to opt-out of sale/sharing by (1) contacting a toll-free phone number and email address, which were allegedly not implemented to “sufficiently address” sale/sharing performed tracking technologies, and (2) directing consumers to opt-out directly with third parties (e.g., the Network Advertising Initiative). CalPrivacy stated these methods are “insufficient means” for a consumer to opt-out of sale/sharing that takes place via tracking technologies.  

The decision noted it was not relevant that “PlayOn ran only one targeted advertising campaign on its ticketing platform during the relevant time period,” as the single campaign alone constituted CCPA “sharing.” 

CalPrivacy next alleged that, in connection with the same alleged sale/sharing via tracking technologies, “PlayOn failed to configure its [d]igital [p]roperties to recognize and honor... Opt-out Preference Signals [‘OOPS’]”, causing PlayOn to not honor consumer opt-out requests made via OOPS, in violation of CCPA. 

Finally, CalPrivacy alleged that PlayOn’s required notices regarding opt-out rights, including its privacy policy and “Your Privacy Choices” page, failed to inform consumers of their opt-out rights generally and with respect to OOPS, violating CCPA in its own right and in each sale/sharing that took place without the required notices. 

Settlement Terms: Cookie Inventory, Audience-Appropriate Notices, and More 

PlayOn must pay a $1.1M penalty and comply with injunctive terms under the decision. In addition to standard terms requiring PlayOn to resolve the alleged violations and comply with CCPA, PlayOn must also (1) scan its digital properties “at least quarterly, to maintain a full and current inventory” of tracking technologies, (2) update its privacy notices as required and with consideration to ease-of-use based on age of the intended audience (e.g., “disclosures made on services selling tickets to high school events must be easy to read and understandable to attendees of those events”), and (3) post the metrics related to consumer rights described in 11 CCR § 7102, though it is not clear whether PlayOn otherwise would meet the threshold for such reporting.  

The injunctive terms also discuss the application of CCPA’s newly-effective risk assessment requirements, which are triggered by PlayOn selling personal information and disclosing it for cross-context behavioral advertising. For example, as part of weighing negative impacts these practices have on consumer privacy, CalPrivacy states PlayOn must consider “whether users are required to consent to [selling/sharing] … in order to participate in certain events.” 

Key Takeaways 

Businesses that utilize tracking technologies and are subject to CCPA should consider taking the following steps: 

Update cookie inventories. Though not explicitly stated, the settlement terms imply that part of PlayOn’s alleged failure to honor opt-out requests was based on PlayOn not having accurate and up-to-date information about the tracking technologies being implemented on its digital properties. Awareness of which cookies are being used, and whether there are sales or “sharing” involved in each cookie, will help ensure (1) opt-out requests are implemented with respect to all tracking technologies, and (2) opt-out notices accurately describe cookie practices. 

Review cookie opt-out methods. CalPrivacy emphasized the disconnect between how sale/sharing was allegedly taking place (tracking technologies) and how consumers could opt-out of that sale/sharing (phone or email). If you haven’t implemented a consumer-facing consent management tool aligned to your methods of tracking, revisit whether it’s an option for your business, and ensure that your opt-out intake methods will stop all sale/sharing via tracking technologies. 

Check OOPS configurations. PlayOn allegedly failed to configure its websites to recognize OOPS signals it received from consumer browsers. If your business is subject to CCPA, work with your technical team to make sure that your digital properties are recognizing and honoring opt-out requests submitted via OOPS. 

Hintze Law PLLC is a Chambers-ranked and Legal 500-recognized, boutique law firm that provides counseling exclusively on data protection including AI, privacy, and data security. Hintze attorneys and data consultants support technology, advertising, media, fintech, health, biotech, ecommerce, and mobile industries.